Security Vulnerabilities - CVEs Published In October 2017
A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow Reflected and Stored Cross-Site Scripting (XSS).
CVSS Score
6.1
EPSS Score
0.004
Published
2017-10-31
A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow URL redirection to untrusted site.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-10-31
Flexense SyncBreeze Enterprise version 10.1.16 is vulnerable to a buffer overflow that can be exploited for arbitrary code execution. The flaw is triggered by providing a long input into the "Destination directory" field, either within an XML document or through use of passive mode.
CVSS Score
7.8
EPSS Score
0.104
Published
2017-10-31
Embedding Script (XSS) in HTTP Headers vulnerability in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via a cross site request forgery attack.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-10-31
Missing HTTP Strict Transport Security state information vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows man-in-the-middle attackers to expose confidential data via read files on the webserver.
CVSS Score
5.9
EPSS Score
0.003
Published
2017-10-31
Network Data Loss Prevention is vulnerable to MIME type sniffing which allows older versions of Internet Explorer to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the intended content type.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-10-31
Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931.
CVSS Score
9.8
EPSS Score
0.001
Published
2017-10-31
D-Link DSL-2740E 1.00_BG_20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in them. Because there is no sanitization in the input fields, an unaware logged-in administrator may be a victim when checking the router logs.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-10-31
EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-10-31
Protected Links - Expiring Download Links 1.0 allows SQL Injection via the username parameter.
CVSS Score
9.8
EPSS Score
0.015
Published
2017-10-31